Cybersecurity researchers at Securonix have identified a threat group they track as TACTICAL#OCTOPUS, which is using tax-themed phishing emails to spread malware ahead of the April 18 US tax deadline. The lures pose as legitimate employee tax documents and real estate purchase contracts to get recipients to open the malware, which gives the attackers access to the victim's system.
The attacks usually start with a password-protected zip file carrying a tax-related name and containing just two entries: an image file and a Windows shortcut (.lnk) file. When the victim double-clicks the shortcut, code execution begins and further files, including a decoy PDF shown to the victim, are downloaded onto the computer.
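The structure described above (a small, password-protected archive holding one image and one shortcut) can be triaged from the archive's manifest alone: ZIP entry names sit in cleartext headers, so they are readable even when the contents are encrypted and the password is unknown. The following is an added example written for this page, not code from Securonix or the original report; the sample archives, keyword list and verdict labels are constructed for illustration.

```python
"""Triage an e-mailed ZIP attachment by its manifest alone.

Added example (not from the Securonix write-up). Flags archives whose
layout matches the lure described in the text: a small archive holding
an image plus a Windows shortcut (.lnk), optionally password-protected.
Only entry metadata is read; nothing is extracted or executed.
"""
import io
import re
import zipfile

LNK_EXT = ".lnk"
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".bmp"}
# Constructed keyword list for tax-themed names (not from the report)
TAX_WORDS = re.compile(r"(tax|w-?2|1099|irs|1040|return)", re.I)
# "invoice.pdf.lnk" style names that hide the real extension
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|txt)\.lnk$", re.I)


def ext_of(name: str) -> str:
    """Lower-cased final extension, or '' when there is none."""
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def triage_zip(data: bytes, archive_name: str = "") -> dict:
    """Return entry names, the reasons that fired, and a verdict.

    Works on password-protected archives too: ZipFile.infolist() needs
    no password because file names are never encrypted in ZIP headers.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = [zi for zi in zf.infolist() if not zi.is_dir()]
    names = [zi.filename for zi in infos]
    exts = [ext_of(n) for n in names]
    reasons = []

    has_lnk = LNK_EXT in exts
    if has_lnk:
        reasons.append("contains Windows shortcut (.lnk)")
    if has_lnk and any(e in IMAGE_EXTS for e in exts):
        reasons.append("image + shortcut pairing")
    if any(DOUBLE_EXT.search(n) for n in names):
        reasons.append("double extension hiding .lnk")
    # Bit 0 of the general-purpose flag marks an encrypted entry
    if any(zi.flag_bits & 0x1 for zi in infos):
        reasons.append("encrypted entries (password-protected)")
    if TAX_WORDS.search(archive_name) or any(TAX_WORDS.search(n) for n in names):
        reasons.append("tax-themed name")

    # A shortcut inside an e-mailed archive is enough to block on its own;
    # anything else that fired is handed to an analyst.
    if has_lnk:
        verdict = "block"
    elif reasons:
        verdict = "review"
    else:
        verdict = "allow"
    return {"entries": names, "reasons": reasons, "verdict": verdict}


def build_zip(entries: dict) -> bytes:
    """Helper to construct an in-memory ZIP from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed samples: a lure shaped like the campaign, and a benign archive.
LURE = build_zip({
    "W2_2022.png": b"\x89PNG\r\n\x1a\n",
    "Tax_Documents.pdf.lnk": b"L\x00\x00\x00",  # .lnk header starts with 0x4C
})
BENIGN = build_zip({"Q1_report.pdf": b"%PDF-1.4\n", "notes.txt": b"hello"})

if __name__ == "__main__":
    print(triage_zip(LURE, "Tax_Docs_2023.zip"))
    print(triage_zip(BENIGN, "report.zip"))
```

Because the check never opens the entries, it is safe to run on a mail gateway before the attachment reaches a user; the encrypted-entry flag is reported rather than treated as proof of malice, since legitimate senders also password-protect tax documents.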
Once on the system, the malware captures clipboard data and logs keystrokes, giving the attackers credentials and other sensitive data from the victim's machine. Researchers noted that two IP addresses identified in the attack were registered to a Russian company and another was linked to a US-based company, though the possibility of a false flag operation cannot be ruled out.
The campaign is one of the tax-themed scams that surge at the start of each year; the Internal Revenue Service (IRS) identified $5.7 billion in tax fraud schemes last year. To help taxpayers, the IRS publishes its annual "Dirty Dozen" list of common scams. Many of these schemes peak during filing season, when people prepare their returns or hire someone to help with their taxes. The IRS has warned taxpayers to be vigilant against email and text scams that use fake refund or tax-issue notices as bait.

Bala Kumar, CPO and Identity Theft Expert at Jumio, shared insights on what consumers need to keep in mind around Tax Day:

"With Tax Day around the corner, cybercriminals are relentlessly attempting to steal personally identifiable information (PII) and relying on a well-known fraud vector to defraud the public -- phishing attacks. Victims of the Tactical Octopus group are unsuspectingly granting full access to their personal devices by clicking on links shared by the hackers. Laptops, phones and tablets hold passwords, credit card information, email addresses, physical addresses and other valuable information. The Tactical Octopus group is hunting for PII that could help them intercept tax returns for their own financial gain.

These tax-related incidents serve not only as a reminder for filers to protect their identity but also for organizations to understand who they are doing business with. In order to protect consumers and prevent financial loss, organizations need to improve their identity verification capabilities. For example, a fraud prevention solution that uses biometric authentication would prevent hackers from using the victims' accounts through biometrics -- if the biometrics do not match, the cybercriminal is not granted access. This method protects data and gives consumers the confidence that their PII is secure and out of fraudsters' hands."